1. Technical Field
The present disclosure relates to content distribution and more specifically to securing media using sub-key derivation for mixed media secured content.
2. Introduction
Content distributors today face an increasing number of device types that are capable of playing secure content. These different device types often have different capabilities. One solution to this problem is a mixed media asset bundle. Such a bundle can include multiple different types, forms, sizes, and qualities of the media. For example, a mixed media asset bundle can include low resolution video, high definition video, monaural audio, stereo audio, audio in different languages, surround audio, text, and still images. In mixed media asset bundles, media decryption happens in different components of the system for different kinds of media. A video pipeline decrypts video content, an audio pipeline decrypts audio content, an image library decrypts images, a text rendering engine decrypts text, and so forth. If there is one master key for the whole asset, a security breach that reveals the master key in one media subsystem can put the other subsystems and/or the master key itself at risk. The master key should not be revealed, and expansion of the master key database should be kept to a minimum: space is very costly because there is a key set per account.
One solution is multiple key domains. For example, sub-asset 1 is protected with a key, and that key is protected 4 different times. Thus, the decryption key is protected N different times with N different encryption schemes, one for each target platform, so that an attacker who broke a particular sub-asset on one platform would not be able to perform the same task on other platforms using the same attack. This approach does not scale well. Each of those keys is protected differently, but all of the copies of the keys live inside the asset. So when a user purchases content, the server sends the user the protection of all the keys so the user can play that content everywhere, no matter where the content is synced or streamed. However, in each of the places where the client will be playing it, the server will send the client only one of the keys protecting the individual copies of the decryption keys. A given movie can have one key for each track. More tracks lead to more keys in the database, which quickly becomes absurd. One movie purchase can generate 8, 9, or more keys in the database.